::: CVA Privacy Statement :::



	CARDIOVASCULAR ASSOCIATES, PC NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. During your treatment at Cardiovascular Associates, PC doctors, nurses, and other caregivers may gather information about your medical history and your current health. This notice explains how that information may be used and shared with others. It also explains your privacy rights regarding this kind of information. The terms of this notice apply to health information created or received by Cardiovascular Associates, PC. We are required by law to: make sure that medical information that identifies you is kept private; give you this notice of our legal duties and privacy practices with respect to medical information about you; and follow the terms of the notice that is currently in effect. Your medical information may be used and disclosed for the following purposes: • Treatment: We may use your information to provide, coordinate, and manage your care and treatment. For example, a Cardiovascular Associates, PC physician may share your medical information with another physician for a consultation or a referral. • Payment: We may use and disclose medical information about you so that the treatment and services you receive may be billed to, and payment may be collected from, you, an insurance company, or another third party. For example, we may need to give your health plan information about treatment you received at Cardiovascular Associates, PC so your health plan will pay us or reimburse you for the treatment. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment. We may disclose medical information about you for purposes of an independent review of a denial of a claim based on lack of medical necessity. • Health Care Operations: We may use and disclose medical information about you for Cardiovascular Associates, PC’s health care operations. Health care operations are the uses and disclosures of information that are necessary to run Cardiovascular Associates, PC and to make sure that all of our patients receive quality care. For example, we may use medical information to review our treatment and services, and to evaluate the performance of our staff and physicians in caring for you. We will get your written consent before making disclosures to others outside Cardiovascular Associates, PC for health care operations purposes. • Appointment Reminders and Other Health Information: We may use your medical information to send you reminders about future appointments. We may also contact you with information about new or alternative treatments or other health care services. • To People Assisting in Your Care. Cardiovascular Associates, PC will only disclose medical information to those taking care of you, helping you to pay your bills, or other close family members of friends if these people need to know this information to help you, and then only to the extent permitted by law. We may, for example, provide limited medical information to allow a family member to pick up a prescription for you. In addition, if you have a chronic mental illness, we may provide certain information regarding your condition to family members following the disclosure requirements under Iowa law. If you are able to make your own health care decisions, Cardiovascular Associates, PC will ask your permission before using your medical information for these purposes. If you are unable to make health care decisions, Cardiovascular Associates, PC will disclose relevant medical information to family members or other responsible people if we feel it is in your best interest to do so, including in an emergency situation. • Research: Federal law permits Cardiovascular Associates, PC to use and disclose medical information about you for research purposes, either with your specific, written authorization or when the study has been reviewed for privacy protection by an Institutional Review Board or Privacy Board before the research begins. In some cases, researchers may be permitted to use information in a limited way to determine whether the study or the potential participants are appropriate. • As Required by Law: We will disclose medical information about you when we are required to do so by federal, state or local law. • To Avert a Serious Threat to Health or Safety: We may use and disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure must be only to someone able to help prevent the threat, or the target of the threat. - With regard to HIV/AIDS related information, we may release to the Department of Public Health any relevant information provided by an HIV-positive person regarding any person with whom the HIV-positive person has had sexual relations or has shared drug injecting equipment. We may also reveal the identity of a person who has tested positive for HIV to the extent necessary to protect a third party from the direct threat of transmission. In the event the person who tests positive for HIV is a convicted or alleged sexual assault offender, we are required under Iowa law to disclose the test results to the convicted or alleged offender and to the victim counselor or other person designated by the victim, who shall disclose the results to the victim. - We may notify a care provider who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition (notification will not include the name of the individual tested for the contagious or infectious disease unless the individual consents). - We may report to the Iowa Department of Transportation information about patients with physical or mental impairments that would interfere with their ability to safely operate a motor vehicle. • To Business Associates: Some services are provided by or to Cardiovascular Associates, PC through contracts with business associates. Examples include Cardiovascular Associates, PC’s, attorneys, consultants, collection agencies, and accreditation organizations. We may disclose information about you to our business associate so that they can perform the job we have contracted with them to do. To protect the information that is disclosed, each business associate is required to sign an agreement to appropriately safeguard the information and not to redisclose the information unless specifically permitted by law. Your medical information may be released in the following special situations: • Organ and Tissue Donation: We may release your medical information to organizations that handle organ procurement or organ, eye or tissue transplantation, or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation. The information that Cardiovascular Associates, PC may disclose is limited to the information necessary to make a transplant possible. • Military and Veterans: If you are a member of the armed forces, we will release medical information about you as requested by military command authorities if we are required to do so by law, or when we have your written consent. We may also release medical information about foreign military personnel to the appropriate foreign military authority as required by law or with written consent. • Workers’ Compensation: We may release medical information about you for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illness. We are permitted to disclose this information to the parties involved in the claim without any specific consent, so long as the information is related to a workers’ compensation claim. • Public Health: We may disclose medical information to public health authorities about you for public health activities. These disclosures generally include the following: - Reports related to preventing or controlling disease, injury or disability; - Reporting births and deaths; - Reporting or providing information pertaining to child abuse or child death to the Department of Human Services or Department of Health, as required by Iowa law; - Reporting or providing information pertaining to abuse of a dependent adult to the Department of Human Services, as required by Iowa law; - Reporting or providing information pertaining to domestic abuse deaths to the Department of Health, as required by Iowa law; - Reporting reactions to medications or problems with products; - Notifying people of recalls of products they may be using; - Reporting information related to sexually transmitted diseases or infection to the Department of Health, as required by Iowa law; or - Reporting to the FDA as permitted or required by law. • Health Oversight Activities: Cardiovascular Associates, PC may disclose medical information to a health oversight agency for health oversight activities that are authorized by law. These oversight activities include, for example, government audits, investigations, inspections, and licensure activities. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws. • Lawsuits and Disputes: If you are involved in a lawsuit, dispute, or other judicial proceeding, we will disclose medical information about you only in response to a valid court order, administrative order, subpoena of a substitute medical decision-making board, or a grand jury subpoena, or with your written consent. We may disclose information in the context of civil litigation where you have put your condition at issue in the litigation. • Law Enforcement: We may release medical information if asked to do so by a law enforcement official in response to a valid court order, grand jury subpoena, or warrant, or with your written consent. In addition, we are required to report certain types of wounds, such as gunshot or stab wounds. We will not disclose information regarding substance abuse to any law enforcement officer or law enforcement agency unless you have authorized the disclosure. We may disclose information relevant to a determination of whether a person is or continues to be a sexually violent predator to law enforcement agencies or the attorney general. We may also release information to law enforcement for the following reasons: - To identify or locate a suspect, fugitive, material witness, or missing person; - About a death we believe may be the result of criminal conduct; - About criminal conduct at our facility; and - In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime. • Coroners, Medical Examiners, and Funeral Directors: We will release medical information to a coroner or medical examiner in the case of certain types of death. This may be necessary, for example, to identify you or determine the cause of death. We may also release the fact of death and certain demographic information about you to funeral directors as necessary to carry out their duties. Other disclosures from your health record will require the consent of a surviving spouse, parent, a person appointed by you in writing, or your legally authorized representative. • Protective Services for the President and Others: We will disclose medical information about you to authorized federal officials so they may provide protection to the President, other authorized persons, or foreign heads of state, or conduct special investigations only as required by law or with your written consent. • Inmates: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we will release medical information about you to the correctional institution or law enforcement official only as required by law or with your written consent. You have the following rights regarding medical information we maintain about you: • Right to Inspect and Copy: You have the right to inspect and receive a copy of your medical information that is used to make decisions about your care. Usually, this includes medical and billing records maintained by Cardiovascular Associates, PC. If you wish to inspect and copy medical information, you must submit your request in writing to Cardiovascular Associates, PC. If you request a copy of the information, we may charge a fee for the costs of copying, mailing, or other supplies associated with your request, to the extent permitted by state and federal law. We may deny your request to inspect and copy your information in certain very limited circumstances. For example, we may deny access if your physician believes it will be harmful to your health, or could cause a threat to others. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by Cardiovascular Associates, PC will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review. • Right to Request Amendment: If you believe that medical information we have about you is incorrect or incomplete, you have the right to ask us to change the information. You have the right to request an amendment for as long as the information is kept by or for Cardiovascular Associates, PC. To request a change to your information, your request must be made in writing and submitted to Cardiovascular Associates, PC. In addition, you must provide a reason that supports your request. Cardiovascular Associates, PC may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that: - Was not created by Cardiovascular Associates, PC, unless the person or entity that created the information is no longer available to make the amendment; - Is not part of the medical information kept by or for Cardiovascular Associates, PC; - Is not part of the information which you would be permitted to inspect and copy; or - Is accurate and complete. • Right to an Accounting of Disclosures: You have the right to request an “accounting of disclosures.” This is a list of the disclosures we made of medical information about you. This list will not include disclosures for treatment, payment, and health care operations; disclosures that you have authorized or that have been made to you; disclosures for facility directories; disclosures for national security or intelligence purposes; disclosures to correctional institutions or law enforcement with custody of you; disclosures that took place before April 14, 2003; and certain other disclosures. To request this list of disclosures, you must submit your request in writing to Cardiovascular Associates, PC. Your request must state a time period for which you would like the accounting. The accounting period may not go back further than six years from the date of the request, and it may not include dates before April 14, 2003. You may receive one free accounting in any 12-month period. We will charge you for additional requests. • Right to Request Restrictions: You have the right to request a restriction or limitation on the medical information we use or disclose about you. For example, you could ask that we not use or disclose information about treatment that you received to other physicians or to your insurance company. We are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment. To request restrictions, you must make your request in writing to Cardiovascular Associates, PC. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply, for example, if you want to prohibit disclosures to your spouse. • Right to Request Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you only at work or only by mail. To request confidential communications, you must make your request in writing to Cardiovascular Associates, PC. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted, and we may require you to provide information about how payment will be handled. • Right to a Paper Copy of This Notice: You have the right to receive a paper copy of this notice. You may ask us to give you a copy of this notice any time. This notice is on our website, www.cvassoc.com. Changes to This Notice The effective date of this notice is April 14, 2003. We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for medical information we already have about you, as well as any information we receive in the future. If the terms of this notice are changed, Cardiovascular Associates, PC will provide you with a revised notice upon request, and we will post the revised notice [on our website and] in designated locations at Cardiovascular Associates, PC. Complaints If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. To file a complaint with Cardiovascular Associates, PC, contact Chief Operating Officer, (712) 239-4702. All complaints must be submitted in writing. You will not be penalized for filing a complaint. Other Uses of Medical Information Except as described above, Cardiovascular Associates, PC will not use or disclose your protected health information without a specific written authorization from you. If you provide us with this written authorization to use or disclose medical information about you, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose medical information about you for the reasons covered by your written authorization, except to the extent we have already relied on your authorization. We are unable to take back any disclosures we have already made with your permission, and we are required to retain our records of the care that we provided to you. Please submit questions to: Chief Operating Officer Cardiovascular Associates, PC P.O. Box 3128 801 5th Street, Suite 410 Sioux City, IA 51102 712-239-4702